"There are a number of undocumented and hidden features and services in Apple iOS that can be used to bypass the backup encryption on iOS devices and remove large amounts of users’ personal data. Several of these features began as benign services but have evolved in recent years to become powerful tools for acquiring user data.

Jonathan Zdziarski, a forensic scientist and researcher who has worked extensively with law enforcement and intelligence agencies, has spent quite a bit of time looking at the capabilities and services available in iOS for data acquisition and found that some of the services have no real reason to be on these devices and that several have the ability to bypass the iOS backup encryption. One of the services in iOS, called mobile file_relay, can be accessed remotely or through a USB connection can be used to bypass the backup encryption. If the device has not been rebooted since the last time the user entered the PIN, all of the data encrypted via data protection can be accessed, whether by an attacker or law enforcement."

"The file_relay tool can be used to steal user’s information from iOS device, including email, location, social media accounts, the address book and the user cache folder, below the description provided in the presentation:

“Between this tool and other services, you can get almost the same information you could get from a complete backup,” “What concerns me the most is that this all bypasses the consumer backup encryption. When you click that button to encrypt the backup, Apple has made a promise that the data that comes off the device will be encrypted.” Zdziarski said in an interview. "

A researcher has revealed that Apple has equipped its mobile iOS with several undocumented features that can be used by attackers and law enforcement to access the sensitive data contained on the devices running it.

Jonathan Zdziarski, a well-known iOS forensics expert, was spurred into digging into the OS after he read a report by Der Spiegel that said that the NSA used a software implant to access information on a target's iPhone and turn it into a recording device

Re: Hidden services in iOS devices could allow users’ surveillance

Another, slightly more recent story about this iOS 'backdoor' was published earlier today on 'The Guardian'. It's pretty detailed and has some great quotes from Jonathan Zdziarski (the researcher). You can read the full story here.

And here's an interesting portion of the story:

'Apple has explained these services as genuine “diagnostic” features to allow IT departments and store assistants to manage iPhones.

But Zdziarski said these functions break Apple promises in that they “bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer”.

“I understand that every OS [operating system] has diagnostic functions, however these services break the promise that Apple makes with the consumer when they enter a backup password; that the data on their device will only come off the phone encrypted,” he said in a blog post in response to Apple’s explanation for the tools’ existence.'

The pcapd utility, it is explained, "supports diagnostic packet capture from an iOS device to a trusted computer," and is used for "troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections."